<?php
/**
 * @CopyRight  (C)2006-2011 LiangJing Development team Inc.
 * @WebSite    www.liangjing.org www.asp99.cn
 * @Author     Liangjing.org <asp3721@hotmail.com>
 * @Brief      liangjingcms v1.x
 * @Update     2011.09.11
 * @Id         单页
**/
session_start();
require_once 'source/core/run.php';

// Request dispatch: the posted "sublogin" field selects the handler.
// The comparison stays loose (==) to match the original switch semantics.
$action = Core_Fun::rec_post("sublogin");

if ($action == 'mylogin') {
	// Login form was submitted.
	login();
} else {
	// Any other value falls through to volist().
	// NOTE(review): volist() is not defined in this file; presumably it comes
	// from the included core. Confirm it exists, otherwise this branch is fatal.
	volist();
}
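/**
 * Handle a posted login form: validate the account name, password and
 * CAPTCHA fields, then pass the credentials to userlogin().
 *
 * All validation messages are collected and reported together through
 * Core_Fun::halt(); userlogin() is only reached when every check passed.
 *
 * @return void
 */
function login(){
	$loginname	= Core_Fun::rec_post('loginname',1);
	$password	= Core_Fun::rec_post('password',1);
	$checkcode	= Core_Fun::rec_post('checkcode',1);
	$founderr	= false;
	// Start from an empty string so the ".=" appends below never touch an undefined variable.
	$errmsg		= '';

	if(!Core_Fun::ischar($loginname)){
		$founderr	= true;
		$errmsg	   .="登录帐号不能为空.<br />";
	}

	if(!Core_Fun::ischar($password)){
		$founderr	= true;
		$errmsg	   .= "登录密码不能为空.<br />";
	}

	if(!Core_Fun::ischar($checkcode)){
		$founderr	= true;
		$errmsg	   .= "验证码不能为空.<br />";
	}else{
		// Read the expected code defensively: the key is absent when no CAPTCHA
		// was issued for this session, and that must count as a mismatch.
		$expected = isset($_SESSION["verifycode"]) ? (string)$_SESSION["verifycode"] : '';

		// A CAPTCHA is single-use. Dropping it once an answer has been compared
		// prevents one solved code from covering repeated password attempts.
		unset($_SESSION["verifycode"]);

		// Strict string comparison: a loose "!=" treats numeric-looking strings
		// such as "1e1" and "10" as equal.
		if($expected === '' || (string)$checkcode !== $expected){
			$founderr	= true;
			$errmsg	   .= "验证码不正确.<br />";
		}
	}

	if($founderr == true){
		// NOTE(review): Core_Fun::halt() presumably prints the message and stops; confirm.
		Core_Fun::halt($errmsg,"",1);
	}else{
		userlogin($loginname,$password);
	}
}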

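	/**
	 * Check a login name / password pair against the user table and, on
	 * success, populate the session and record the login.
	 *
	 * @param string $username Login name as submitted.
	 * @param string $password Plain-text password as submitted.
	 * @param int    $ajax     1 to return a boolean result instead of reporting
	 *                         success or failure through Core_Fun::halt().
	 * @return bool|null true or false when $ajax is 1; otherwise no explicit value.
	 */
	function userlogin($username,$password,$ajax=0){
		global $db;
		// NOTE(review): the queries below are assembled by string concatenation and
		// depend entirely on Core_Fun::replacebadchar() to neutralise quotes. A
		// character filter is a fragile injection defence; move these to bound
		// parameters (or the driver's own escaping) once the $db API is confirmed.
		$username = Core_Fun::replacebadchar($username);
		// The password is filtered before hashing, so stored hashes were computed
		// over the filtered value; this step has to stay for existing accounts.
		$password = Core_Fun::replacebadchar($password);
		// NOTE(review): unsalted MD5 is not suitable for password storage. Plan a
		// migration to password_hash()/password_verify() with rehash on next login.
		$md5password = md5($password);
		$sql  = "SELECT a.*,g.grupname,g.level,g.gpurview".
			    " FROM ".DB_PREFIX."user AS a".
			    " LEFT JOIN ".DB_PREFIX."usergroup AS g ON a.usergroupid=g.usergroupid".
			    " WHERE 1=1 and lower(a.loginname)='".strtolower($username)."' AND a.password='$md5password'";
		$rows = $db->fetch_first($sql);
		if($rows){
			if($rows['flag']==0){
				// flag == 0 marks the account as disabled.
				Core_Fun::halt("对不起，该帐号被禁止！","login.php",4);
			}else{
				// Issue a fresh session id at the privilege change so an id that was
				// fixed before authentication cannot be reused afterwards. Guarded so
				// callers without an active session or with output already sent do
				// not get a new warning.
				if(session_id() !== '' && !headers_sent()){
					session_regenerate_id(true);
				}

				$_SESSION["USERID"]=$rows['userid'];
				$_SESSION["USERNAME"]=$username;
				$_SESSION["usergroupname"]=$rows['grupname'];
				$_SESSION["gpurview"]=$rows['gpurview'];
				$_SESSION["USERLEVEL"]=$rows['level'];
				$_SESSION["pointnum"]=$rows['pointnum'];
				$_SESSION["lastlogindate"]=$rows['lastlogindate'];

				// NOTE(review): '[[pointnum+1]]' looks like a wrapper convention for a
				// raw SQL expression (increment the counter); confirm against $db->update().
				$array  = array(
					'lastlogindate'=>time(),
					'pointnum'=>'[[pointnum+1]]',
					'lastloginip'=>Core_Fun::getip(),
				);
				// NOTE(review): this WHERE clause matches on the submitted name, while the
				// SELECT above matched case-insensitively; keying on the fetched row's
				// userid would be more precise. Confirm the column type before changing.
				$db->update(DB_PREFIX."user",$array,"loginname='$username'");
				Core_Command::runlog($username,"登录成功.",1);
				if($ajax==1){
					return true;
				}else{
					Core_Fun::halt("登录成功","login.php",0);
				}
			}
		}else{
			// The same generic message covers an unknown account and a wrong
			// password, so the response does not reveal which one failed.
			Core_Command::runlog($username,"登录后台失败.",1);
			if($ajax==1){
				return false;
			}else{
				Core_Fun::halt("对不起，帐号或者密码不正确！","login.php",4);
			}
		}
	}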




?>




